diff options
| author | Kyle Copperfield <kmcopper@danwin1210.me> | 2019-11-19 09:26:49 +0000 |
|---|---|---|
| committer | Kyle Copperfield <kmcopper@danwin1210.me> | 2019-11-26 08:50:35 +0000 |
| commit | 759968a6126a9bf4962a3ddea4eaf6466baff122 (patch) | |
| tree | 9c373fc9536cb586522f31ed3169f019250529fc /nixos/modules/profiles | |
| parent | 00ac71ab1932b395452209627011a32a63d81897 (diff) | |
| download | nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar.gz nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar.bz2 nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar.lz nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar.xz nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.tar.zst nixpkgs-759968a6126a9bf4962a3ddea4eaf6466baff122.zip | |
nixos/hardened: scudo default allocator. zero by default allow override.
Diffstat (limited to 'nixos/modules/profiles')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 33e4ddc3fb4..da3de444768 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -14,6 +14,9 @@ with lib; nix.allowedUsers = mkDefault [ "@users" ]; + environment.memoryAllocator.provider = mkDefault "scudo"; + environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1"; + security.hideProcessInformation = mkDefault true; security.lockKernelModules = mkDefault true; |